There have been a lot of brute force attacks recently both on WordPress blogs and Joomla sites. There are even web-based, commercially available tools that are being used to launch these attacks – and they are very effective.

Fear not! There are some steps you can take to make sure that your WordPress site is secure against brute force attacks, keeping your site, its content, any products you offer, your money, data, and, most importantly, your customers safe and sound.

Why Bother Protecting WordPress?

You may not realize it, but your WordPress blog can go wrong in a lot of ways, and if it does, it would have horrible consequences for your business. Some of these problems include:

Temporary issues, ranging from something as simple as having your password reset, causing you to be locked out of your account, to having your site redirect automatically until you regain access to your account and correct it.

Loss of content can really be disastrous. Imagine if a hacker got access to your account and deleted all of the articles you had. Do you have them all backed up? Imagine all the time, money, and effort you’ve put into your content gone.

Whether your products are digital or physical, hackers can wreak havoc on your products. If you’ve got a line of digital products (eBooks, graphics, videos, so on) that you keep on your server, they could easily be stolen and distributed. And if you think you’re safe because you sell physical products – think again. How could you know that a hacker changed information so that it looked like they paid for an order until it was too late? You’d have shipped the order out before you realized that you didn’t have the money.

Speaking of money – how much would you lose if a hacker gained access to your account? Do you make your money from advertisers? How much would you stand to lose if your site went down for any length of time?

Are you in the habit of keeping your personal data stored away on your server? Emails, passwords, personal, potentially sensitive information would be just a few clicks away to even the most novice of hackers. This is exactly the kind of thing that sells well in the “information age”. Even if the hacker didn’t have plans to sell your information, they certainly could make good use of it themselves.

If none of the rest has bothered you, perhaps this will: your reputation. When you build a business around yourself, your reputation is key. Most damage is not permanent, but it can and does take a long time to repair – sometimes years. Think of all the business you stand to lose if your customers don’t think that their privacy is protected when they buy from you.

11 Easy Steps to WordPress Security

1 Update WordPress Often. Easy, quick, and simple. Updating WordPress often can help to protect you from hackers. So if you notice a new update out, install it! Critical security updates are issued by WordPress from time to time.

2 Choose Your Username Wisely. Be thoughtful when you choose your username. Don’t do the standard “admin” as so many do, and try not to make it easy to guess by using your name or information about the products you sell or the genre you thrive in. “SteveDog” isn’t too hard to guess when your name is Steve and you sell products related to and discuss dogs all the time.

3 A Strong Password is a Must. Though the importance of strong, alphanumeric passwords has been talked about for years, a surprising number of people still use simple, easy-to-guess passwords such as “Password”, “12345678”, and “ABC123”. Others use easy-to-guess passwords that involve personal information, such as “Sally92”. Though most sites now require you to use an alphanumeric password with a minimum length (some even require at least one special character [!,*,@]), it is still very important to choose something hard to guess. If you’d like, use a password generator when coming up with your password.

4 Don’t Use the Same Info From Other Blogs. If you use the same log in information for all of your blogs, chances are that all of them will be hacked if one gets hacked. Choose different log ins for each blog so that you don’t have to worry about losing all of your blogs when you’re already stressed about losing one of them.

5 Don’t Use Log In Information From Different Sites. Similarly, don’t use the same old usernames and passwords that you use for several other sites, otherwise the hacker might decide to see what other problems they can cause for you on those sites, as well.

6 Attempted Login Limits. WordPress offers plugins that allow you to limit the number of login attempts that can be made. This is incredibly effective against brute force attacks.

7 Two-Part Authentication. If you want an extra layer of security, go with two-part authentication. This will send a secret verification code (something which cannot be guessed) to your cell phone. This code has to be entered to log in to your blog. You can read more about this and other two-part authentication at: http://en.support.wordpress.com/security/two-step-authentication/

9 Hide Your WordPress Version Number. Not running the most up-to-date version of WordPress? Hackers can and will find out about and exploit this fact by using security holes. But it’s pretty easy to hide what version number you’re using in just two steps. Firstly, open functions.php and add

remove_action('wp_head', 'wp_generator');

That’ll get the version number off of your header, but hackers can still access it through your RSS feeds. To prevent that, add

10 Protect wp-config.php. The configuration file is usually found in the root WordPress folder, which makes it easy pickings for hackers. But it doesn’t have to be there! It’s easy to move and will still allow WordPress to function properly. If your wp-config.php is located in /public_html/wp-config.php, simply move it to /wp-config.php. Problem solved!

11 CAPTCHA is a huge deterrent for hackers as it takes time and effort most aren’t willing to put in. Simply get a CAPTCHA plugin – there are several – and add that final layer of security to your WordPress.
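To confirm that step 9 worked, check both places the version can appear: the page header and the RSS feed. This is an added example, not code from the original post; the function names are assumptions, and the sample markup and version number 3.5.1 are constructed to show a header that is already clean while the feed still leaks.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

class GeneratorMeta(HTMLParser):
    """Collect the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.values.append(a.get("content") or "")

def version_in_html(html):
    """Return the WordPress version advertised in the page header, or None."""
    parser = GeneratorMeta()
    parser.feed(html)
    for value in parser.values:
        m = re.match(r"WordPress\s+([\d.]+)", value)
        if m:
            return m.group(1)
    return None

def version_in_feed(xml_text):
    """Return the version advertised in an RSS <generator> element, or None.
    Intended for your own site's feed; use a hardened XML parser such as
    defusedxml for feeds you do not control."""
    root = ET.fromstring(xml_text)
    for el in root.iter("generator"):
        m = re.search(r"wordpress\.org/\?v=([\d.]+)", el.text or "")
        if m:
            return m.group(1)
    return None

# Constructed samples: header before and after the functions.php change, and a feed.
HEADER_BEFORE = '<head><meta name="generator" content="WordPress 3.5.1" /></head>'
HEADER_AFTER = '<head><title>My Blog</title></head>'
FEED = ('<rss version="2.0"><channel><title>My Blog</title>'
        '<generator>http://wordpress.org/?v=3.5.1</generator></channel></rss>')

if __name__ == "__main__":
    print("header:", version_in_html(HEADER_AFTER))
    print("feed:  ", version_in_feed(FEED))
```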

Conclusion

Thankfully securing your blog doesn’t have to be hard. If you take these very easy steps right now, taking only a few minutes out of your day, you don’t have to worry very much or often about hackers.


6 Comments

Thank you for the tips about securing WP based sites.
I have been using the WP Better Security plugin for protection of my site.
It’s really a great plugin and I recommend it. The wise decision is also to install one of the available backup plugins in case your site crashes and you want to quickly rebuild your site.
Branko Zecevic

Very informative article for new and professional WordPress blogger. I use Protect WordPress from hacker and Akismet to protect my WordPress blog from hacker and spammer. Thanks for sharing this article with us and thank you in advance.
Rafiul Islam

I am using Limit attempted plugin to secure my WordPress site and I always update WordPress.
I think in password use small and capital letter and also use space in password. It’s best way to protect WordPress blog.
Areesha Noor


Disclosure: I receive compensation from some companies whose products I review. I test most products personally and give honest opinions and high marks to only the best. I am independently owned and the opinions expressed here are my own.
